Microsoft/vscode
1
0
Fork 0
mirror of https://github.com/microsoft/vscode.git synced 2026-04-27 12:04:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

add favicon and nonce enforcement in microsoft auth

Browse Source
This commit is contained in:
Tyler Leonhardt
2022-04-15 15:47:20 -07:00
parent 70c896184e
commit 9c15f4185a
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
extensions/microsoft-authentication/src/authServer.ts
View File

@@ -109,7 +109,8 @@ export class LoopbackAuthServer implements ILoopbackServer {
case '/callback': {
const code = reqUrl.searchParams.get('code') ?? undefined;
const state = reqUrl.searchParams.get('state') ?? undefined;
if (!code || !state) {
const nonce = (reqUrl.searchParams.get('nonce') ?? '').replace(/ /g, '+');
if (!code || !state || !nonce) {
res.writeHead(400);
res.end();
return;
@@ -119,6 +120,11 @@ export class LoopbackAuthServer implements ILoopbackServer {
res.end();
throw new Error('State does not match.');
}
if (this.nonce !== nonce) {
res.writeHead(302, { location: `/?error=${encodeURIComponent('Nonce does not match.')}` });
res.end();
throw new Error('Nonce does not match.');
}
deferred.resolve({ code, state });
res.writeHead(302, { location: '/' });
res.end();